public bool GetThreadContext(uint threadID, uint contextFlags, Span <byte> context)
{
using SafeWin32Handle thread = OpenThread(ThreadAccess.THREAD_ALL_ACCESS, true, threadID);
if (thread.IsInvalid)
return(false);
fixed(byte *ptr = context)
return(GetThreadContext(thread.DangerousGetHandle(), new IntPtr(ptr)));
}
public bool GetThreadContext(uint threadID, uint contextFlags, Span <byte> context)
{
// We need to set the ContextFlags field to be the value of contextFlags. For AMD64, that field is
// at offset 0x30. For all other platforms that field is at offset 0. We test here whether the context
// is large enough to write the flags and then assign the value based on the architecture's offset.
bool amd64 = Architecture == Architecture.X64;
if (context.Length < 4 || (amd64 && context.Length < 0x34))
{
return(false);
}
if (amd64)
{
fixed(byte *ptr = context)
{
AMD64Context *ctx = (AMD64Context *)ptr;
ctx->ContextFlags = contextFlags;
}
}
else
{
fixed(byte *ptr = context)
{
uint *intPtr = (uint *)ptr;
*intPtr = contextFlags;
}
}
using SafeWin32Handle thread = OpenThread(ThreadAccess.THREAD_ALL_ACCESS, true, threadID);
if (thread.IsInvalid)
return(false);
fixed(byte *ptr = context)
return(GetThreadContext(thread.DangerousGetHandle(), new IntPtr(ptr)));
}
public static extern SafeMapViewHandle MapViewOfFile(SafeWin32Handle hFileMappingObject, uint
dwDesiredAccess, uint dwFileOffsetHigh, uint dwFileOffsetLow,
IntPtr dwNumberOfBytesToMap);
public int GetMetadata(string filename, uint imageTimestamp, uint imageSize, IntPtr mvid, uint mdRva, uint flags, uint bufferSize, byte[] buffer, IntPtr dataSize)
{
filename = FindImage(filename, imageTimestamp, imageSize);
if (filename == null)
{
return(-1);
}
if (!File.Exists(filename))
{
return(-1);
}
try
{
using (FileStream file = File.OpenRead(filename))
{
using (SafeWin32Handle handle = NativeMethods.CreateFileMapping(file.SafeFileHandle, IntPtr.Zero, NativeMethods.PageProtection.Readonly, 0, 0, null))
{
if (handle.IsInvalid)
{
return(-1);
}
using (SafeMapViewHandle image = NativeMethods.MapViewOfFile(handle, NativeMethods.FILE_MAP_READ, 0, 0, IntPtr.Zero))
{
if (image.IsInvalid)
{
return(-1);
}
if (mdRva == 0)
{
uint size;
IntPtr header = NativeMethods.ImageDirectoryEntryToData(image.BaseAddress, false,
NativeMethods.IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR,
out size);
if (header == IntPtr.Zero)
{
return(-1);
}
IMAGE_COR20_HEADER corhdr = (IMAGE_COR20_HEADER)Marshal.PtrToStructure(header, typeof(IMAGE_COR20_HEADER));
if (bufferSize < corhdr.MetaData.Size)
{
return(-1);
}
mdRva = corhdr.MetaData.VirtualAddress;
bufferSize = corhdr.MetaData.Size;
}
IntPtr ntHeader = NativeMethods.ImageNtHeader(image.BaseAddress);
IntPtr addr = NativeMethods.ImageRvaToVa(ntHeader, image.BaseAddress, mdRva, IntPtr.Zero);
Marshal.Copy(addr, buffer, 0, (int)bufferSize);
return(0);
}
}
}
}
catch
{
Debug.Assert(false);
}
return(-1);
}
public static extern SafeMapViewHandle MapViewOfFile(SafeWin32Handle hFileMappingObject, uint
dwDesiredAccess, uint dwFileOffsetHigh, uint dwFileOffsetLow,
IntPtr dwNumberOfBytesToMap);
